Pages

Monday, September 16, 2013

Best browser, Java and Flash security scanner

Security threats which infect through the web browser and plugins are extremely common. With only one out of five internet users running an up-to-date version of Java, the situation is definitely alarming. Fortunately, it is easy to use a free online tool to check the security status of your web browser as well as your plugins, such as Flash, Java, Acrobat and Silverlight.

For example, security analysis has recently showed that 81% of the computers online is running an outdated Java version which carries one or several severe security vulnerabilities. Out of these 81%, 40% of the computers were running Java version 6, which is an outdated Java version since Java 7 was released 2 years ago. In addition, Java is installed on 84% of corporate computers. Java, however, is not alone either, and the same analysis also shows that more than 40% of all corporate computers are running an outdated version of Adobe Flash and Acrobat.

The above figures shows the lack of security for the majority of the online computers. Since attacks against plugins and add-ons are independent of web browser (Firefox, Internet Explorer, Chrome etc...) this clearly makes attacks against web browsers and its plugins a highly attractive attack vector for malicious users, in particular since web-browser based attacks commonly do not require user interference and infections or exploits can be performed by simply letting the users visit an infected website. Imagine a major website being infected with attack payloads, considering the vast number of users who run outdated browsers and plugins, the number of potential exploitable targets is just huge and horrifying.

Scan your browser and its plugins for vulnerabilities

While having updated and functional security software (antivirus, firewall, anti-malware) installed should be the absolute minimum for all internet users, such software do not actively monitor the state of a browser and its plugin. Since security software are not completely impenetrable, the users should also ensure that their systems are running software with as few security vulnerabilities as possible.

One aspect that many internet users miss is to ensure that their web browser as well as their plugins, commonly Flash, Java and Acrobat, are up-to-date and secure. Therefore, Qualys (cloud security company) has released an online scanner. The scanner is run within the web browser and the users simply have to visit the Qualys BrowserCheck homepage which will automatically check the security status of the user web browser, and all of its plugins and add-ons.

In addition, the Qualys BrowserCheck is available as a plugin, that in addition also will automatically monitor the status of the security status of the operating system and the status of the security software installed.

Do not overlook the dangers of web browser plugins!

While relying on automatic security software and automatic updates may seem like a convenient way to ensure security, considering the high risks involved with having an outdated browser and browser plugins, it is definitely worth to at least once in a while let an independent service scan to check if everything is up-to-date and secure. The plugin itself from Qualys may be questionable, as I personally hate to have more than just the critical functional plugins installed, both from a security and from a performance stand point, but again, this is a matter of personal taste.